3. Snort - VPN - P2P-ruleset

Snort - VPN - P2P-ruleset

  • ?

    Hi everybody!

    I experienced with pfSense 2.1 and snort (different versions installed since NOV-2013) an issue with VPN tunnels (from pfSense to pfSense, a total of 3 appliances).  After 2-3 min of heavy load (ftp, samba) on the tunnel (IPsec or openVPN, doesn't matter which), the connection broke and the tunnel was gone.

    I tried several things, changed tunnel from initial IPsec to openVPN etc. pp. but finally and in the end I found that the tunnels were killed by funny little snort, P2P ruleset, several rules around eMule. After turning off this ruleset, the tunnels work fine and never ever again broke under load.

    Has anybody else experienced this before or has an explanation for this bug/feature?

    Kind regards!

    0
  • X

    Yep, happened to me. Well the vpn wasn't blocked because I have the remote host added to the $home_net, but it was triggering an alert.

    1:2003310 ET P2P Edonkey Publicize File

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy